*Note* We use the Active Directory Sync tool to sync the OUs and Users.
Alright, so after a lot of consideration, confusion and debating [see item #2] I *think* we have a nice organizational structure for our Users and our Chromebook devices.
When the "Devices" tab emerged in the console I immediately thought it did not make sense to use the same User Org structure for the Device Org structure. I'm still not 100% sure I'm wrong on that but I've softened on the idea because we actually have added the school/building into our structure where before we only had our User Orgs by Grad year. Before, we did not have building in our structure. It used to look like this:
I don't manage hardware devices in our district but I would assume I would want to organize them by building. Now it looks like this:
You'll also notice that we've added a "Devices" OU under each school. I still think it is potentially confusing to Admins to use the same OUs for Devices and Users when you're setting settings because you could be selecting an OU, changing a setting for users (or so you think) BUT you're really setting it for the DEVICES in that OU.
There is still one more issue to solve and that's creating OUs for things like "testing" "Guest Access" "Public Sessions", etc. What we've done for that is create a "Local" OU where we have excluded everything in the "Local" OU to be synced with our Active Directory. So, anything under Local won't be touched. We already had this added for Users who are not in our AD for whatever reason. Ex: interns, local accounts, long call subs, etc. Below in the black outline is our "Local" OU and the highlighted green part are the OUs for the devices.
Who knows, this might change in the future but I'm okay with it for now. I hope that searching, modifying and moving devices becomes easier in the future anyways so if we do want to change it will be quite easy.
So why make different OUs for devices?
The ability to set different device settings for groups of devices:
- Turning on Guest Access for a set of devices for public use.
- Turning on Public Sessions (kiosk feature) for [student] testing purposes.
- Turning on the "show usernames and photos" if you're in a 1:1 environment. (We have this setting OFF but if we were completely 1:1 it'd be nice to turn on)
- Better visual organization.
- Making an OU for "removed" (old/returned) devices. I don't think there is the ability yet to delete a device from your console.
- Technical testing purposes.
Other reasons that are (Chrome) User Settings based (besides the obvious turn on/off services per user/grade level):
- Show different Recommended Apps in the Chrome Web Store per grade.
- Pre-install Chrome apps and extensions.
- Give certain people the ability to push out pre-installed Chrome extensions per school/grade.
Obviously, there are a lot more reasons but those are the ones that popped in my mind which are new because of the Chromebook Management additions and features. So that's how we're currently organizing things but who knows if we'll think of a better way tomorrow!
Very informative blog... I appreciate your writing and knowledge on Chrome OS kiosk mode. Very helpful. Thanks for sharing
ReplyDelete